April 2007 Blog Posts
You can now vote on sessions you want to see at the next Developer Day. It's rather funny to see an entire Security section manned by my colleague, Chris Seary, and myself; I should have submitted more than one session just to try to catch up with Chris. I hope to cover CardSpace, a talk I originally gave at WebDD, except this time I won't be up against ScottGu <g>. Richard Costall described the session from WebDD thus: I ended up being lured into a talk on CardSpace by Barry Dorrans. His session was described as the Overflow room for Scott's...
I'm a sucker for statistics (the number of people searching for "squiring girls" who end up on my site, due to my entry titled "Squirting at the London Girl Geek Dinner") and when someone showed me the fun things Google Analytics produce I was hooked. Right now, however, there's no easy way to add custom code to every page on a subtext blog. Once I get my SQL installation up and running again (or bite the bullet and reinstall everything *sigh*) I hope to tackle that. So how do you go about it? Well, every subtext page, underneath the hood...
When I used to work in streaming media Brandon Wirtz was very active on the WM mailing list. Now he's on a quest to become the Greatest Living American. Admittedly I don't know who Stephen Colbert is, not living in yank land, but apparently he's on a quest with Alchemist Media via SEO to grab the title via Google bombing.
Sod that, making someone working on an MS campus rank as the Greatest Living American amuses me :) Of course making Brandon the Greatest Undead American tickles me even more.
Technorati tags: meme, greatest living american
CardSpace errors. CardSpace has a lot of potential errors, 31 at the current count, but how do you catch them on the client? The CardSpace samples don't illustrate this, and end up submitting a null token to the relying party. This isn't particularly friendly to the user, or to the relying party; ideally you'd be able to detect that a user canceled the CardSpace dialog and not submit your form. If you examine the error list you will see there is a specific HRESULT, IDS_E_ICARD_USERCANCELLED, which is returned when the user cancels the CardSpace UI, but the question remains how do you access the...
A new CTP was announced by the Windows Home Server group today. The install is a lot smoother and allows you (finally) to choose the server name and regional settings. However they've introduced a new problem; strong passwords. My normal administrator password isn't strong enough, and neither is my user login. An option is provided to turn off the password complexity requirements; but it doesn't work. At all. By default the slide says it's medium, the requirements of which my password meets, however I'll be damned if I can actually enter it. So now in order to access shares on my...
Last Thursday saw Chris Seary and myself presenting at the Microsoft offices in sunny (yes, really) Edinburgh for the Scottish Developers Group. Thanks must go to Craig and John for organising. I presented an updated (trendy white on black) "Hacking Websites for Fun & Profit", "Securing ASP.NET Websites and Applications" and "An Introduction to Windows CardSpace". An audience member (sorry, I didn't catch your name) asked me to put together some resource links on SQL Injection, XSS and so on. Probably the best breakdown of SQL Injection is Chris Anley's PDF, "Advanced SQL Injection In SQL Server Applications". The XSS FAQ is...
ScottGu just pushed out an article on self-signed certificates on IIS 7.0 which reminded me to blog about certificates and CardSpace. One of the problems in getting started with CardSpace is its reliance on certificates. The relying party needs an SSL certificate and the STS needs a certificate. MS distribute their test certificates for Fabrikam and Adatum in the CardSpace samples, but what if you don't want to pretend to be Fabrikam.com? You end up making your own. However there's a problem. The STS sample as delivered checks the CRL when it decrypts the RST. Generally self-signed certificates, such as...
Last month I blogged about the problems I had when trying to upgrade to SQL Express SP2 (and MS's refusal to let me open a support incident on it). As the Scottish Developers day draws closer and one of my presentations depended on SQL Express I decided to try to clean everything up and try again. Eventually I managed to uninstall SQL Developer Edition. Once the machine was clean, and I had hand-deleted a bunch of leftover registry entries, I tried the SQL Express SP2 install. It worked! Bliss. So next was installing SQL Developer Edition. This was problematic to...
If you missed my Introduction to CardSpace at WebDD, can't make the Scottish Developers Security Day or wanted to see it at the canceled VBug Cambridge session, I will be presenting it at VBug London on Wednesday 18th July. The session covers both accepting cards and issuing your own managed cards and how to write an STS.
Technorati tags: cardspace, vbug